The next big hack

There it is. The second big hack after the DAO disaster (fun fact: the last hardfork was exactly 1 year ago today).

What happened?

Yesterday evening several twitter account tweeted about a security alert. The code of the multisig wallet contract provided by Parity contained a simple but fundamental flaw. An update in March introduced the possibility to easily take over ownership of this of contract and hence be able to transfer all of its funds. Unfortunately the contract had been deployed several times. Obviously without a proper review. Even by companies that are involved in Ethereum Blockchain development. Swarm City for example lost more than 153,000 Ether.

White hats to the rescue.

What happened next is typical for the ethereum community. The white hat group entered the stage again. They immediately started using the same exploit, the real hacker was using. They were able to “secure” the remaining Ether from vulnerable contracts in order to give it back to the rightful owner. But everything that was lost to the real hacker is gone.

So will there be another fork?

No not this time. The reason is simple: There is not chance for a clean fork as there was back in the DAO days. The hacker was able to move the funds right away. During the DAO hack there was a window of 27 days to prepare for the hardfork. This time the damage was imminent.

Isn´t that bad for Ethereum?

Yes and no. It shows its weakness. I was expecting a bad crash after I first saw the security alerts and the messages saying that a lof of funds were lost already. But I guess the dimensions have changed since last year. 30.000.000 USD don´t seem to be to big of a deal anymore. Of course people started blaming developers and soliditiy, the programming language. And they are right. It is unspeakable that such a bug is actually commited to such a mission critical functionality of the partiy wallet without proper review. Even worse is the fact that the contract had been deployed so many times without taking a look at the source code. Trustless world? Not so much eh? People are now pointing out the problems of solidity . Those problems will be fixed. There will be tools to avoid such mistakes. It will take time. And we will see more of those incidents. What doesn´t kill us makes us stronger.

Up – Down – Crypto Bubble?

These days most digital coins are (still) going down. Did the bubble burst? I don’t think so, it is rather an adjustment, since most market rates were at all time highs. Regarding cryptocurrency and related business models I believe it is too early to speak of a bubble. That is why:

  • Bitcoin has been around for some years now. The concept was first mentioned in 2008 and published as Open Source code in January 2009 by Satoshi Nakamoto. The currency is still there and people keep trading it. More and more stores accept Bitcoin:
  • With Ethereum not only another digital coin but a concept of smart money, contracts and applications was introduced. This is a foundation for new promising business models and has a high potential for disruption in many industries: It is a new transaction layer in the internet which allows to build in its shareholders and customers at the same time by using smart contracts.
  • Based on Ethereum new token or coin sales take place. With the initial coin offering (ICO) founders seek for world wide funding for their ideas. Many ideas will fail, a few will be successful. This is just like funding startups, but a lot easier, since investors only have to buy the new coins. Anyone can invest and anyone can lose their investment if the business does not succeed.
  • Cryptocurrencies and smart contracts will become more and more a new way to make business. But of course, this does not mean every coin or new business idea will last.  Before investing make your due diligence, be patient and also be prepared to fail.

So, there is not one big bubble, but great opportunities and also many risks to fail in the space of smart money and contracts.